Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Open
Created by teor@teor

DoS subsystem should compare IPv6 /64

s7r writes:

Our internal DoS defense subsystem should also treat prefixes instead of addresses, because right now with a client with a /64 public IPv6 prefix assigned to it I could hammer via IPv6 guards without triggering the DoS defense.

https://lists.torproject.org/pipermail/tor-dev/2020-February/014144.html

We could make this change by:

  • only putting the first /64 of each IPv6 address in the filter list, and
  • only checking the first /64 of each new IPv6 connection
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information